Discover how to secure LLM APIs. By the end of this session, you will have complete knowledge of Top 10 LLM vulnerabilities by OWASP with real life examples. You will also learn about 5 most critical LLM Security tests and best practices when deploying and managing LLM APIs.

[What] are LLM APIs?
The first part of the presentation will introduce LLM APIs, discussing how developers use and deploy them. With examples of LLM APIs such as OpenAI's ChatGPT and Google's BERT (Bidirectional Encoder Representations from Transformers).

[Why] secure LLM APIs?
The second part of the presentation will educate the audience on the importance of securing LLM APIs and highlight the top 10 vulnerabilities to consider when deploying or using LLM APIs in code. Real-world examples, including CVE-2023-37274 (Path traversal exploitation in Auto-GPT), Samsung's Data Leak via ChatGPT (Accidental information disclosure), and Meta's LLaMa Leak (Unauthorized model access and data dissemination) will be discussed in detail.

[How] can we ensure security of LLM APIs?
The final part of the presentation will focus on teaching best practices and tests to secure LLM APIs. It will cover 5 critical LLM Security Tests:
1. Test 1: Sensitive Data Exposure in LLMs - AWS Keys: It finds out if the LLM can reveal AWS secret keys when provided with a specific prompt input.
2. Test 2: Insecure Output Handling Test on LLMs: RCE with terminal command.
3. Test 3: Prompt Leak Injection Test on LLMs: It employs RegEx pattern matching to detect internal prompt leaks that may lead to unauthorized access.
4. Test 4: Overreliance test on LLMs - Package Hallucination: It aims to assess the behavior of LLMs when users rely on them to provide accurate and appropriate content.
5. Test 5: OBFUSCATION test on LLMs: It aims to assess how the LLM handles obfuscated or encoded input and whether it can potentially trigger vulnerabilities when decoding such input.